Knowledge Tree

Resource Scoring

Quantify infrastructure health, compliance, security, and operational maturity with configurable scoring models.

Overview

The scoring system provides quantitative assessments of your infrastructure across multiple dimensions. Each resource, scope, and provider receives scores that help teams prioritize improvements, track progress, and identify problem areas.

Score dimensions

DimensionWhat it measures
HealthOperational status, error rates, uptime, and resource age
ComplianceAdherence to compliance controls and policy requirements
SecuritySecurity posture, exposure, encryption, and IAM hygiene
ReliabilityRedundancy, backup configuration, and fault tolerance
Cost efficiencyResource utilization, right-sizing, and waste
Operational maturityTagging compliance, documentation coverage, ownership
Score range
All scores are normalized to a 0-100 range, where 100 represents perfect health. Scores above 80 are considered good, 60-80 needs attention, and below 60 requires immediate action.

Scoring engine

The scoring engine evaluates resources against configurable criteria:

# Scoring criteria definition
scoring:
  dimensions:
    health:
      weight: 1.0
      criteria:
        - name: resource_age
          description: "Resource is within expected lifecycle"
          query: "resource.age_days < 365"
          weight: 0.3
        - name: backup_status
          description: "Resource has active backups"
          query: "resource.backup_enabled == true"
          weight: 0.3
        - name: error_rate
          description: "Resource has low error rate"
          query: "resource.error_rate < 0.01"
          weight: 0.4

Aggregation

Scores are aggregated hierarchically:

  • Resource level -- individual resource scores for each dimension
  • Scope level -- average scores for all resources in a scope
  • Provider level -- average scores aggregated by cloud provider
  • Global -- organization-wide score across all scopes and providers
  • Trend -- score changes over time, with direction and velocity

Custom scoring

Organizations can define custom scoring criteria using graph queries:

# Custom security scoring rule
scoring:
  custom_rules:
    - name: "encryption_coverage"
      description: "Resources with encryption enabled"
      query: |
        MATCH (r:Resource)
        WHERE r.properties.encryption = true
        RETURN count(r) as passed
      weight: 0.2
    - name: "public_exposure"
      description: "Resources not publicly exposed"
      query: |
        MATCH (r:Resource)
        WHERE r.properties.public_ip IS NULL
        RETURN count(r) as passed
      weight: 0.3